Documentation
Overview
Package bootstrap holds first-run helpers shared by `hpcc init scheduler` and `hpcc init worker`: generating a worker-token suitable for the scheduler<->worker shared secret, and minting a self-signed TLS leaf for components whose peer pins by fingerprint (the worker).
Functions
func GenerateSelfSignedTLS
func GenerateSelfSignedTLS(opts SelfSignedOptions) (certPEM, keyPEM []byte, err error)
GenerateSelfSignedTLS mints an ECDSA P-256 self-signed certificate + private key and returns them PEM-encoded. The output is what secret.LoadTLSCertificate consumes when [tls] cert_file/key_file point at on-disk files.
func GenerateToken
GenerateToken returns a 32-byte cryptographically random URL-safe token. That's 256 bits of entropy, comfortably above the 16-character floor scheduler.Validate / worker.Validate enforce.
Types
type SelfSignedOptions
type SelfSignedOptions struct {
	CommonName string
	Hosts      []string      // DNS names / IPs to put in SANs
	NotAfter   time.Duration // validity duration; <=0 → 10 years
}
SelfSignedOptions controls the leaf cert minted by GenerateSelfSignedTLS. CommonName is informational; the leaf is bound to peers via the SHA-256 fingerprint the scheduler records at worker registration, not via name validation. Hosts populates SANs so that operators who do choose to verify by name (e.g. an operator running a worker behind a stable DNS name) have something to verify against.
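The fingerprint binding described above, sketched from the connecting peer's side as an added example that is not code from the hpcc project. It assumes the fingerprint is SHA-256 over the DER-encoded leaf certificate; `mintLeaf` and `pinnedConfig` are hypothetical names, and `mintLeaf` only stands in for a self-signed P-256 leaf so the block runs on its own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// mintLeaf returns the DER bytes of a throwaway self-signed ECDSA P-256 leaf.
func mintLeaf(cn string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // example-only serial
		Subject:      pkix.Name{CommonName: cn},         // informational only
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

// pinnedConfig builds a client tls.Config that trusts exactly one leaf: the
// one whose SHA-256 over the DER certificate (assumed form) equals pin.
func pinnedConfig(pin [sha256.Size]byte) *tls.Config {
	return &tls.Config{
		InsecureSkipVerify: true, // no chain/name checks; the pin is the only trust decision
		VerifyPeerCertificate: func(raw [][]byte, _ [][]*x509.Certificate) error {
			if len(raw) == 0 || sha256.Sum256(raw[0]) != pin {
				return errors.New("peer leaf does not match pinned fingerprint")
			}
			return nil
		},
	}
}

func main() {
	der, err := mintLeaf("worker-1.example") // constructed name
	fmt.Printf("fingerprint to pin: %x (err=%v)\n", sha256.Sum256(der), err)
}
```

Because the pin replaces chain and name validation entirely, rotating the leaf means re-recording its fingerprint before the new certificate goes live.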